Mobile push authentication improves transaction security, improves user experience

6th May 2021 By: Schalk Burger - Creamer Media Senior Contributing Editor

Mobile push authentication messages provide a better user experience and protect users more effectively than password-protected accounts and one-time pins (OTP), which is important to protect data as more companies have adopted cloud computing and remote working, says device identity and authentication software company Entersekt CTO Gerhard Oosthuizen.

US wireless network operator Verizon’s annual security report showed that compromised credentials are the most often used asset (80%) when it comes to data breaches. Two-factor authentication, such as OTP technology, adds a layer of protection, but often increases user friction and is susceptible to work-arounds, such as SIM-swap and man-in-the-middle attacks.

Additional security that slows down the user experience will cause irritation and potentially lose a business valuable customers, Oosthuizen says.

Entersekt uses an end-user’s digital device to authenticate them. Its certificate-based device identification technology ensures that only the user's own trusted device can be used and, if combined with biometrics, eliminates the need to enter a password or an OTP, which enables a passwordless experience.

More robust technologies like mobile push authentication have now replaced OTP as the industry standard in authentication. Unlike OTP, authentication messages delivered via push messaging technology are out of band.

“This means they do not rely on the same channel to deliver authentication requests and responses that was used to initiate the original, potentially fraudulent, transaction,” Oosthuizen explains.

In addition to the stronger security, technologies like push-based authentication also offer a better user experience.

“The user receives the full request on their trusted mobile app and can approve it from there, and do not have to wait for an OTP to arrive or switch between apps. Leveraging the user’s device to create a strong device identity can make authentication experiences seamless and can use the biometric sensor on a device to eradicate the use of passwords while increasing security,” he says.